Hi Razvan, another question about crl_list, when crl list changed, what is the best way to reload this list in OpenSIPS memory ? restart it ? or another way ? I know the crl_list can change each day, so if I have to restart opensips each day, it's not very practical.
thanks in advance Le mar. 25 juil. 2023 à 14:47, Mickael Hubert <mick...@winlux.fr> a écrit : > Hi Razvan, > Thanks a lot. > I loaded the CRL for CA and certs and opensips start correctly ;) > > Have a good day ! > > Le lun. 24 juil. 2023 à 16:07, Răzvan Crainea <raz...@opensips.org> a > écrit : > >> Hi, Mickael! >> >> I don't have much experience with this, but a first search would point >> to this [1] answer, which seems reasonable to me: you need to provide >> the CRL of the entire path, not only of your intermediate cert. Did you >> try that? >> >> [1] https://stackoverflow.com/a/47398918 >> >> Best regards, >> >> Răzvan Crainea >> OpenSIPS Core Developer >> http://www.opensips-solutions.com >> >> On 7/19/23 15:47, Mickael Hubert wrote: >> > Hi all, >> > I'm working on stir and shaken, and I want to include all revoked >> > certificates. >> > I my list in DER format, I use this command to transform it to >> PEM format: >> > openssl crl -in man_crl.der -inform DER -outform PEM -out crl.pem >> > >> > there is no erreur, I can read pem format (crl.pem): >> > -----BEGIN X509 CRL----- >> > .... >> > -----END X509 CRL----- >> > >> > I configured opensips with this: >> > modparam("stir_shaken", "crl_list", >> "/etc/opensips/stir-shaken-ca/crl.pem") >> > >> > but I have an error: >> > ul 19 12:39:07 [12] INFO:stir_shaken:verify_callback: certificate >> > validation failed: unable to get certificate CRL >> > Jul 19 12:39:07 [12] INFO:stir_shaken:w_stir_verify: Invalid certificate >> > >> > Can you tell me, what is exactly the correct format please ? >> > >> > Thanks in advance ! >> > ++ >> > >> > _______________________________________________ >> > Users mailing list >> > Users@lists.opensips.org >> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> _______________________________________________ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users